- From: Sam Hartman <hartmans-ietf@mit.edu>
- Date: Sun, 21 Oct 2012 13:55:25 -0400
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: Ben Laurie <ben@links.org>, Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>

I think if I hear the phrase context fluidity or nebulous entity one more time I'm going to give up in disgust. Those phrases don't have enough meaning to have any place in a security argument.

You seem to believe that it is necessary to prove an event is related to a person in order to have a privacy problem. If there are 20 seditious (in the context of some government) messages posted and the government is able to link those events down to 3 machines and conclude that only 10 people had access to those machines at the same time, you have a privacy problem. If the government decides that executing 10 people is an acceptable cost those 10 people are just as dead even if 9 of them had nothing to do with it. Sitting there going "you never proved it was me, only my machine," isn't going to help you as the fluids of your context are leaking out of an ever more nebulous entity.

The fact is that by linking events, people can gain information about real-world entities that might have had something to do with an event. To the extent they gain that information, there is a loss of privacy.

Not all losses of privacy are bad. Not all linkability is bad. I give up privacy and create linkability every time I log into a site, so that I can store preferences, manage entries I've posted in the past, etc. Of course for the most part I'm not risking my fluid context with what I do online. I'd probably decide preferences weren't worth it if that was the potential price.

But seriously, can we either move this discussion off IETF lists or use enough precision and stop hiding behind vague terminology that we can have a computer security discussion?

Thanks for your consideration,

--Sam

Received on Sunday, 21 October 2012 17:55:52 UTC